chkrootkit indicates infection
Technomage
technomage-hawke at cox.net
Mon Oct 24 12:10:45 MST 2005
On Monday 24 October 2005 10:23, Josh Coffman wrote:
> I just installed rkhunter and chkrootkit and ran them.
> chkrootkit gave me one infected message:
>
> Checking `bindshell'... INFECTED (PORTS: 4000)
>
> What can I do to find out more? I'm not sure if this
> message really means I have a problem or just
> something I need to investigate.
>
> btw, rkhunter seemed to say everything checks out.
> Just a couple things were in yellow text which I can't
> read against the white console background.
>
> -j
thats a "possible infection".
you might have to break out the rescue disk and reinstall that binary (its
affected package) and see if that solves the problem.
btw, I use chkrootkit for all my checks. seems to work out nicely.
TMH
More information about the PLUG-discuss
mailing list